Windows 7 Forums


Windows 7: have I been hacked on Chrome browser?

14 Feb 2014   #31
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Hmmm, that's weird for RogueKiller. Did you try restarting and running it again?
Also, I'm not a fan of IE and have always thought of it to cause problems; I suggest using Firefox until your personal preference is available again.


14 Feb 2014   #32
sdowney717

Windows 7 Ultimate x64
 
 

Yes, restarted once.
I just got Malwarebytes from FileHippo,
uninstalled it and reinstalled it and did a full scan and it found 3 items, one a Trojan.

Quote:
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Tricia :: TRICIA-PC [administrator]
2/14/2014 7:14:10 AM
mbam-log-2014-02-14 (07-14-10).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335283
Time elapsed: 1 hour(s), 3 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Tricia\Pictures\Downloads\mediaplayerlite_d166371.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Tricia\Pictures\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Tricia\Pictures\Downloads\Ticket.zip (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.

(end)
14 Feb 2014   #33
sdowney717

Windows 7 Ultimate x64
 
 

I went direct to the site and downloaded OTL and RogueKiller.

After Malwarebytes killed that Trojan, I restarted RogueKiller and it is running to completion. It has gone beyond where it had hung up. So the prescan completed and now it is doing the full scan.

14 Feb 2014   #34
sdowney717

Windows 7 Ultimate x64
 
 

RK report.

In the GUI window, it shows reg entries, and in the driver tab it shows false illegitimate programs.

Quote:
RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : Adlice forum - Index
Website : RogueKiller download
Blog : Adlice Software | malware analysis
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tricia [Admin rights]
Mode : Scan -- Date : 02/14/2014 08:53:15
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x5C9313C5)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D90DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x75B546E9)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D90DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x75B546E9)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D90DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x75B546E9)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D90DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76D9460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x75B546E9)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) MAXTOR STM3200820A ATA Device +++++
--- User ---
[MBR] 7ab1e9c4f037b7cc2939d3b2f6f59c1f
[BSP] f0fd0e653df2b2f115e11cf7a255ff35 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 156301310 | Size: 114462 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_02142014_085315.txt >>

I told it to fix everything except shortcuts, as it gave a warning about hidden files, etc...


14 Feb 2014   #35
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Go ahead and run the delete part.
14 Feb 2014   #36
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Download DDS from here: dds.scr or here: dds.com and save it to your desktop.

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.
  • Please Copy & Paste the contents of the following logs in your next reply: DDS.txt and Attach.txt
Then run this



Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt
14 Feb 2014   #37
sdowney717

Windows 7 Ultimate x64
 
 

DDS first, then attach second.
Why does it say not to post attach.txt as text?

I uninstalled Chrome and reinstalled Chrome and so far no troubles.
I am using Chrome to post this.

Quote:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by Tricia at 9:50:38 on 2014-02-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3039.1407 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Google\Chrome Remote Desktop\32.0.1700.98\remoting_host.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files\Google\Chrome Remote Desktop\32.0.1700.98\remoting_host.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\kX Audio Driver\3550\kxmixer.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ubuntuone\dist\ubuntuone-syncdaemon.exe
C:\Program Files\ubuntuone\dist\ubuntuone-control-panel-qt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\C2MP\UpdateChecker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ubuntuone\dist\ubuntuone-proxy-tunnel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ubuntuone\dist\ubuntu-sso-login.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Windows\notepad.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Ubuntu One] "c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe"
uRun: [Ubuntu One Icon] "c:\program files\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [SkyDrive] "c:\users\tricia\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [kX Mixer] c:\program files\kx audio driver\3550\kxmixer.exe --startup
mRun: [PowerDVD12DMREngine] "c:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codecp~1.lnk - c:\windows\system32\c2mp\UpdateChecker.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{71ACC367-6EDA-44D8-95B9-EF737496DB3D} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\7qf6qhde.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-1 180248]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2013-1-10 16504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-16 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-16 410784]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/01/21 12:35:16];c:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-9-10 89616]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-2-12 172032]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-16 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-12 50344]
R2 chromoting;Chrome Remote Desktop Service;c:\program files\google\chrome remote desktop\32.0.1700.98\remoting_host.exe [2014-1-13 50456]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2013-1-21 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2013-1-21 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2013-1-21 295440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-2-14 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-2-14 701512]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2013-1-21 121208]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2013-1-10 225400]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2013-1-22 13880]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-11 64168]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2009-9-17 607496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-2-14 22856]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Bda8600;VBox TV Receiver, BDA Tuner Driver (DTF8600);c:\windows\system32\drivers\Dtf8600b.sys [2013-12-20 102016]
S3 BdaVb35xx;VBox Vb35xx BDA driver;c:\windows\system32\drivers\Vb35xxB.sys [2013-12-20 157696]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-1-12 108032]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2013-1-16 13704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-15 1343400]
.
=============== Created Last 30 ================
.
2014-02-14 12:12:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-14 12:12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-13 21:29:08 -------- d-----w- C:\AdwCleaner
2014-02-13 20:59:38 -------- d-----w- C:\$RECYCLE.BIN
2014-02-13 20:58:00 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9f7aa91a-f1de-4573-a156-a2ccd9cd285a}\offreg.dll
2014-02-13 20:42:37 -------- d-----w- C:\Qoobox - Copy (2)
2014-02-13 20:42:21 -------- d-----w- C:\Qoobox - Copy
2014-02-12 22:59:36 98816 ----a-w- c:\windows\sed.exe
2014-02-12 22:59:36 256000 ----a-w- c:\windows\PEV.exe
2014-02-12 22:59:36 208896 ----a-w- c:\windows\MBR.exe
2014-02-12 18:55:32 -------- d-----w- c:\users\tricia\appdata\local\ATI
2014-02-12 18:48:40 -------- d-----w- c:\program files\common files\ATI Technologies
2014-02-12 17:52:58 -------- d-----w- c:\program files\AMD APP
2014-02-12 17:52:39 -------- d-----w- c:\program files\ATI
2014-02-12 17:51:20 -------- d-----w- c:\program files\ATI Technologies
2014-02-12 17:49:18 -------- d-----w- C:\AMD
2014-02-08 15:38:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-03 14:05:54 -------- d-----w- C:\Intel18.8
2014-01-26 13:16:30 -------- d-----w- C:\TaxACT
.
==================== Find3M ====================
.
2014-02-13 19:05:54 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-13 19:05:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-12 18:01:03 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-12 18:01:03 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-12 18:01:03 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-12 18:01:01 43152 ----a-w- c:\windows\avastSS.scr
2014-01-12 17:15:33 69632 ----a-w- c:\windows\system32\smss.exe
2014-01-12 17:15:33 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-01-12 17:15:33 619520 ----a-w- c:\windows\system32\tdh.dll
2014-01-12 17:15:33 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-01-12 17:15:33 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-01-12 17:15:33 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-01-12 17:15:33 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-01-12 17:14:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-12 17:14:18 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 17:14:18 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-01-12 17:14:18 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-01-12 17:14:18 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-01-12 17:13:04 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-01-12 17:06:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-12 17:02:48 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-01-11 11:25:35 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-11 11:25:34 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-11 11:25:34 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-20 23:42:22 94208 ----a-w- c:\windows\system32\Mpeg2Parser.ax
2013-12-20 23:42:22 139264 ----a-w- c:\windows\system32\Mpeg2Decoder.ax
.
============= FINISH: 9:51:13.90 ===============
Quote:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/15/2013 4:24:14 PM
System Uptime: 2/14/2014 8:23:31 AM (1 hours ago)
.
Motherboard: Intel Corporation | | S875WP1
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | J2E1 | 2793/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 32.443 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7002&SUBSYS_00201102&REV_07\4&2E98101C&0&11F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7002&SUBSYS_00201102&REV_07\4&2E98101C&0&11F0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-zip v9.20
AC3Filter 2.6.0b
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AMD APP SDK Runtime
AMD Catalyst Install Manager
ATI AVIVO Codecs
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
Chrome Remote Desktop Host
Corel WinDVD
Corel WinDVD Pro 11
CPUID CPU-Z 1.62.0
CyberLink PowerDVD 12
DiskCheckup v3.1
EaseUS Partition Recovery 5.6.1
Eassos PartitionGuru Professional 3.7.0
Eassos Recovery Free 3.4.0
Google Chrome
Google Drive
Google Update Helper
HydraVision
ICA
IPM
Java 7 Update 51
Java Auto Updater
K-Lite Mega Codec Pack 9.7.0
Macrium Reflect Free Edition
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Corporation
Microsoft LifeCam
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
Setup
Skype™ 6.11
SMPlayer 0.8.3
SpeedFan (remove only)
System Requirements Lab for Intel
TaxACT 2012 - 1040 Edition
TaxACT 2012 Virginia
TaxACT 2013 - 1040 Edition
TaxACT 2013 Virginia
Ubuntu One
UMPlayer 0.98 [P3]
VLC media player 2.1.3
Windows 7 Codec Pack 4.0.8
.
==== Event Viewer Messages From Past Week ========
.
2/14/2014 8:58:08 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Tricia-PC\Tricia SID (S-1-5-21-3456394791-1825238727-3856076948-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/14/2014 8:58:08 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Tricia-PC\Tricia SID (S-1-5-21-3456394791-1825238727-3856076948-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/14/2014 7:10:34 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================
14 Feb 2014   #38
Devlin1888

Windows 7 Home Premium 64Bit
 
 

After extensive scans, I would say that you're pretty clean from adware, malware, etc.
If all is running fine, I'd suggest just trying it for a few days. If any problems appear, let us know and we will find a solution. Thanks for all your time, you've done great!
14 Feb 2014   #39
sdowney717

Windows 7 Ultimate x64
 
 

Came back clean, no cleanup needed. I think for now it is gone.
So what was it, that Trojan Malwarebytes found?

MBAR log

Quote:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
Malwarebytes : Free Anti-Malware

Database version: v2014.02.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Tricia :: TRICIA-PC [administrator]

2/14/2014 9:59:34 AM
mbar-log-2014-02-14 (09-59-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 210350
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
system log
Quote:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 3186343936, free: 1461190656

Downloaded database version: v2014.02.14.06
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
02/14/2014 09:59:25
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86430030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8568d908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86430030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8642f148, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff86430d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86430030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85f53938, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8568d908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 67FEEC

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 156092416

Partition 2 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 156301310 Numsec = 234418178

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200048565760 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390699855-390719855)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
14 Feb 2014   #40
sdowney717

Windows 7 Ultimate x64
 
 

I do thank you for all the help.
It seems other people could gain similar help following your instructions you had me perform.
So far it is zipping along fine.